HAProxy Interface/eth aware binding as non root user

haproxylinux-networking

I have 2 network interfaces on my instance (eth0 and eth1) I am trying to setup HAProxy to be interface aware and have separate frontends per interface.

The config below works as root (ie. i do not set user haproxy portion). Wondering if there is a way to bind to interfaces and still run as non root user?

https://cbonte.github.io/haproxy-dconv/1.6/management.html#13 suggests that root privileges are required only for outbound interface awareness – is the documentation partial or am i missing some setting?

Config snippet

global
    #Works only without below line but its implication is running as root user
    user haproxy 
frontend frontend_tcp_eth1
    mode tcp
    bind 0.0.0.0:80 interface eth1

Best Answer

You try to bind to port 80

bind 0.0.0.0:80

This is a privileged port

https://www.w3.org/Daemon/User/Installation/PrivilegedPorts.html

To bind to this port you will need root privileges as described in the documentation.

https://cbonte.github.io/haproxy-dconv/1.6/management.html#13

bind to privileged port numbers

Related Solutions

Using HAProxy, matching root URL only in ACL

The answer to this was astoundingly simple of course. The ACL needed to regex match ^$|^/$|^/articles|^/blogs

Below is my conf:

global
  pidfile  /var/run/haproxy.pid
  quiet
  daemon

defaults
  mode  http
  option  httplog
  option  dontlognull
  option http-server-close
  retries 1
  maxconn 1024
  contimeout  15000
  clitimeout  60050
  srvtimeout    1200000

frontend www
  bind :80

  acl is_for_server2 path_reg ^$|^/$|^/articles|^/blogs

  use_backend server2 if is_for_server2

  default_backend server1

backend server1
  option forwardfor
  server server1 10.0.8.1 maxconn 1500

backend server2
  option forwardfor
  server server2 10.0.8.2 maxconn 1500

HAProxy: Redirect Root Site Root to Subsite

nlu is almost there, but the is_root ACL is a little bit off.

Using path_beg will lead to any and all paths being matched, when really you only want to redirect requests with an empty path.

Try using acl is_root path -i / instead since it will only match when the path is ONLY /.

acl is_root path -i /
acl is_domain hdr(host) -i www.domain.com

redirect code 301 location http://www.domain.com/subsite if is_domain is_root

Best Answer

Related Solutions

Using HAProxy, matching root URL only in ACL

HAProxy: Redirect Root Site Root to Subsite

Related Topic